Wednesday, April 15, 2009

There is a vulnerability in the implementation of the history.go() function in Internet Explorer 6, which is exposed via JavaScript. The vulnerability enables the execution of arbitrary code if the user visits a web page controlled by the attacker.

The vulnerability

The vulnerability is in the erroneous implementation of the history.go() function and is triggered when the function is called with a certain argument.

Impact

This vulnerability can be used to achieve remote code execution when a victim visits a specially crafted web page.

PoC

Due to the spread and the impact of the vulnerability, exploitation details will not be released at this time.

About Me

Ivan Fratric currently works as an information security engineer at a large software company. Before that, he was a research and teaching assistant at the University of Zagreb and a security enthusiast, as documented on this blog.

The opinions expressed herein are my own and do not represent my employer’s views in any way.